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REMARKS 

Claims 1-24 stand rejected as anticipated under 35 U.S.C. § 102(e) by U.S. Patent No. 
6,61 1,916 to Cacace-Bailey et al. ("Cacace-Bailey"). Applicants have cancelled Claims 10-13 
and have amended Claims 1-5, 7-8, 14, 16-19 and 21-23 to highlight various of the distinctions 
between those claims and the system of Cacace-Bailey. Below, Applicants briefly highlight a 
few of the reasons why each of the independent claims are patentable over the cited art. 

I. Independent Claims 1, 14 and 19 

Independent Claims 1,14 and 19 comprise a related method, system and computer 
program product claim. Claim 1, which is representative of all three claims, as amended, recites: 

1 . A method for selectively allowing access to a plurality of resources in a 
network, the method comprising: 

receiving a request originated from a user of a multi-user system to transmit a 
message via the multi-user system over the network to one of the plurality of resources, 
wherein each of the plurality of resources has been assigned to one of a plurality of 
security zones based on a level of security sensitivity of the resource; 

identifying a one of the plurality of security zones that is associated with the one 
of the plurality of resources; 

determining if the user of the multi-user system is authorized access to the 
identified one of the plurality of security zones; and 

forwarding the message from the multi-user system over the network only if it is 
determined that the user is authorized access to the identified one of the plurality of 
security zones. 

Support for the amendments to Claim 1 (and Claims 14 and 19) may be found, for example, at 
page 11, line 16-34, page 12, lines 8-15 and 26-31 and page 19, line 15 through page 20, line 9. 

Applicants respectfully submit that Cacace-Bailey does not disclose or suggest the 
inventions of amended Claims 1, 14 and 19. In the cited portion of Cacace-Bailey, the user 
requests that its browser access a server in the second secure domain. (Cacace-Bailey at Col. 5, 
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lines 48-52 and Fig. 3B, step 118). In response, the server in the second secure domain directs 
the user's browser to go to the first secure domain, so that the server at the first secure domain 
can authenticate the user. (Cacace-Bailey at Col. 5, line 55 through Col. 6, line 12 and Fig. 3B, 
stepsl20-134). Then, only if the user was authenticated by the first secure domain is the user 
allowed access to the server in the second secure domain. (Cacace-Bailey at Col. 6, lines 12-21 
and Fig. 3B, steps 136-144). 

In contrast, Claims 1, 14 and 19 recite methods, systems and computer program products 
in which the "request" is a request to transmit a message over a network via a multi-user 
system . 1 Moreover, the message is only forwarded by the multi-user system over the 
network if it is determined that the user is authorized access to a security zone associated with 
the resource that is to receive the message. Applicants respectfully submit that such methods, 
systems and computer program products are not taught or disclosed in Cacace-Bailey. 

In particular, if the user's browser of Cacace-Bailey is argued to comprise a "multi-user 
system", then Cacace-Bailey does not teach "forwarding the message from the multi-user system 
over the network only if it is determined that the user is authorized access to the identified one of 
the plurality of security zones" as recited in Claims 1,14 and 19, as the browser sends the 
message over the network to the server in the second domain without regard to any security 
zones. The browser also clearly does not identify a "security zone" that is associated with the one 
of the plurality of resources, nor does it determine if the user is authorized access to any 
identified security zone as recited in Claims 1, 14 and 19. Alternatively, if the server 32 in the 
second secure domain of Cacace-Bailey is argued to comprise the "multi-user system" of Claims 
1,14 and 19, then Cacace-Bailey does not teach, among other things, "receiving a request ... to 
transmit a message . . . over a network" as recited in Claims 1,14 and 19," as what the server 32 

1 The term "multi-user system" is defined in the specification of the present application as "a 
computer or other data processing device which may execute applications associated with more 
than one user." (Application at 1 1). 
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in the second secure domain of Cacace-Bailey receives is a request that was already transmitted 
over the network. In addition, Applicants have also clarified Claims 1,14 and 19 to make clear 
that the plurality of resources are assigned to respective of the "security zones" based on the level 
of security sensitivity associated with each particular resource. Thus, for each of the above 
reasons, the rejections of independent Claims 1,14 and 19 should be withdrawn. Applicants 
have also amended many of the dependent claims to further highlight additional independent 
reasons that the dependent claims are patentable over the cited art. The dependent claims are 
also patentable as depending from a patentable base claim. 

II. Independent Claim 24 

Independent Claim 24 recites: 

24. A method for selectively allowing a user of a multi-user system access to a 
plurality of resources in a network, the method comprising: 

receiving a message over the network from one of the plurality of resources that is 
addressed to a process running on the multi-user system that is associated with the user; 

identifying, from a plurality of security zones, a security zone associated with the 
one of the plurality of resources; 

determining if the user is authorized access to the identified security zone; and 

forwarding the message to the process only if it is determined that the user is 
authorized access to the identified security zone. 

The Office Action states that Claim 24 is rejected for the same reasons that Claim 1 was rejected. 
However, independent Claim 24 is directed to a very different method than was the method of 
original Claim 1 . In particular, according to Claim 24, a message is received over the network 
from some resource on the network. The received message is addressed to a process running on 
a multi-user system. The message is then forwarded to the process "only if it is determined that 
the user is authorized access to the identified security zone." Applicants do not believe that such 
a system is taught or disclosed in Cacace-Bailey. In any event, to the event that the rejection of 
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Claim 24 is maintained, Applicants respectfully request that the Examiner identify the specific 
structures in Cacace-Bailey that the Examiner contends comprise (1) the "multi-user system" of 
Claim 24, (2) the "one of the plurality of resources" of Claim 24, (3) the "user" of Claim 24 and 
(4) the "process running on the multi-user system" of Claim 24, as Applicants respectfully submit 
that such structures cannot be identified that perform the method recited in Claim 24. 

III. Independent Claim 25 

Applicants have added a new independent Claim 25, which is directed to a data 
processing system that includes a data processing device, a plurality of workstations, and first 
and second data structures. Applicants respectfully submit that the data processing system of 
Claim 25 is not taught or disclosed in Cacace-Bailey. 

IV. Conclusion 

Applicants have also added new Claims 25-28, each of which Applicants respectfully 
submit is patentable over the cited art. 

For each of the above reasons, Applicants respectfully submit that the pending claims are 
patentable over the cited art. 
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